Leet Sheet
Phishing

Last updated 2 years ago

Homoglyphs

Homoglyphs are Unicode characters that look visually identical (or nearly so) to an ASCII character but have a different code point. You can use these to make your phishing attacks more convincing.

Note: Gmail shows a warning when this is used, but not all email providers do.

Also, you can register a domain with a homoglyph and direct users there.
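A defender-side check for the lookalike domains described above, added here as an example that is not part of the original cheat sheet: it maps each character of a domain to the ASCII letter it imitates and reports whether the domain mixes scripts. The CONFUSABLES table is a small hand-picked subset of Unicode's confusables list, and the script detection is a rough one based on Unicode character names.

```python
"""Flag domain names built from homoglyphs (lookalike Unicode characters)."""
import unicodedata

# Constructed subset of Unicode confusables: lookalike -> the ASCII it imitates.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u0261": "g", "\u0131": "i",
}


def script_of(ch: str) -> str:
    """Rough script name: ASCII letters/digits count as Latin, everything else
    takes the first word of its Unicode name (CYRILLIC, GREEK, FULLWIDTH...)."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(label: str) -> str:
    """Replace each character with the ASCII it looks like: NFKC folds things
    like fullwidth letters, the table handles cross-script lookalikes."""
    return "".join(CONFUSABLES.get(ch, ch)
                   for ch in unicodedata.normalize("NFKC", label))


def analyze_domain(domain: str) -> dict:
    """Report the ASCII skeleton, the scripts used and a suspicion verdict."""
    lowered = domain.lower()
    labels = lowered.split(".")
    scripts = {script_of(ch) for lab in labels for ch in lab if ch != "-"}
    skel = ".".join(skeleton(lab) for lab in labels)
    mixed = len(scripts) > 1
    # A pure-Latin label can still be a lookalike (dotless i, script g, ...).
    lookalike = skel != lowered and skel.isascii()
    return {"domain": domain, "skeleton": skel, "scripts": sorted(scripts),
            "mixed_script": mixed, "suspicious": mixed or lookalike}
```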

Fake Window

Using JavaScript, you can build a fake popup window that looks exactly like Facebook's login dialog and asks the user for their credentials (mimicking an OAuth login flow).

Reverse Tabnabbing

If a website has a link like this:

<li>
    <a href="https://bad.example.com" target="_blank">
        Vulnerable target using html link to open the new page
    </a>
</li>

Or like this:

<button onclick="window.open('https://bad.example.com')">
    Vulnerable target using javascript to open the new page
</button>

Then it’s vulnerable to reverse tabnabbing (tested 23 May 2019 on Firefox and Chrome).

Note: target="_blank" is used to get the link to open in a new tab.

When you use target="_blank", you should also set rel="noopener noreferrer" on the same link. Otherwise, bad.example.com gets a reference to the opening page through the window.opener object. If bad.example.com runs this JavaScript:

window.opener.location = "https://phish.example.com";

Then the original tab will be redirected to a phishing site.

Example: Facebook lets you link to your site using target="_blank". On your site, you run the above JavaScript and the original Facebook tab is redirected to https://phish.example.com. Assuming you control that domain, you can have it be a phishing site that asks the user to re-enter their password, or something similar.
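This audit, added here as an example that is not the page's own code, parses HTML with the standard library and flags target="_blank" anchors lacking rel=noopener (or noreferrer, which implies it) and inline window.open() calls without the noopener feature. Current browsers already imply noopener for target="_blank" anchors, but window.open() without that feature still exposes window.opener, so the JavaScript variant shown on this page remains the one to fix explicitly. SAMPLE is constructed from the page's two snippets plus their hardened forms.

```python
"""Flag HTML that opens a new tab while leaving window.opener reachable."""
from html.parser import HTMLParser


class OpenerAudit(HTMLParser):
    """Collects (tag, detail, problem) tuples for tabnabbing-prone links."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("target") == "_blank":
            # noreferrer implies noopener in browsers, so either keyword is fine.
            rel = set((a.get("rel") or "").lower().split())
            if not rel & {"noopener", "noreferrer"}:
                self.findings.append(("a", a.get("href"), "missing rel=noopener"))
        for name, value in attrs:
            # Inline handlers: window.open(url) hands the child a window.opener
            # unless the features string contains 'noopener'.
            if name.startswith("on") and value and "window.open(" in value:
                if "noopener" not in value:
                    self.findings.append(
                        (tag, value.strip(), "window.open without noopener"))


def audit(html: str) -> list:
    """Return the findings for one HTML document."""
    parser = OpenerAudit()
    parser.feed(html)
    return parser.findings


# Constructed sample: the page's two vulnerable snippets, then the fixed forms.
SAMPLE = """
<li><a href="https://bad.example.com" target="_blank">html link</a></li>
<button onclick="window.open('https://bad.example.com')">js link</button>
<a href="https://bad.example.com" target="_blank" rel="noopener noreferrer">fixed</a>
<button onclick="window.open('https://bad.example.com', '_blank', 'noopener')">fixed</button>
"""
```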

Spear Phishing

Targeted attacks:

Email Spoofing

One way to do this is via open relay servers, but those might get blacklisted and there’s a better alternative:

Buy a domain (or use a free one that allows emails to be sent, like 000webhostapp) and create a PHP script that allows you to send emails with custom SMTP headers.

This works after changing the form action in index.php:

Note: the script doesn't accept Unicode.

Hosted at http://oger55.000webhostapp.com/spoofer/
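The spoofed From header such a script produces is what DMARC's identifier alignment is meant to catch: the visible From domain must match the domain that SPF (envelope sender) or DKIM actually authenticated. This added example, not the page's PHP script, performs that From-versus-Return-Path comparison on two constructed messages; it assumes the organizational domain is the last two labels (a simplification of the Public Suffix List) and covers only the SPF side of alignment.

```python
"""Spot a visible-From / envelope-sender mismatch in a raw email message."""
import email
from email.utils import parseaddr


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels
    (assumption; real DMARC consults the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def check_alignment(raw_message: str) -> dict:
    """Relaxed alignment: From org-domain must equal Return-Path org-domain."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    env_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    aligned = (bool(from_domain) and bool(env_domain)
               and org_domain(from_domain) == org_domain(env_domain))
    return {"from_domain": from_domain, "envelope_domain": env_domain,
            "aligned": aligned}


# Constructed sample: From claims the victim's own domain while the envelope
# sender (the identity SPF checks) belongs to the attacker's hosting.
SPOOFED = """\
Return-Path: <noreply@spoofer-host.example>
From: "IT Support" <it-support@corp.example>
To: alice@corp.example
Subject: Password reset required

Please re-enter your password at the link below.
"""

# Constructed sample: a bounce subdomain of the same organization aligns.
LEGIT = """\
Return-Path: <bounces@mail.corp.example>
From: "IT Support" <it-support@corp.example>
To: alice@corp.example
Subject: Scheduled maintenance

Nothing to do.
"""
```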
Undetectable Spear Phishing using Homograph Attacks
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For (PentestTools)
Reverse Tabnabbing Software Attack | OWASP Foundation
Advanced Threat Tactics - Course and Notes (Cobalt Strike Research and Development)
GitHub - ShubhamBadal/email-spoofer: A PHP script to send email from any Email ID without permission.